Encrypt Database Backups

Customer and business data has increasingly become the target high-tech theft. Protecting sensitive data is important not only inside the enterprise but also as it travels outside the enterprise across networks and to offsite storage on backup media. Oracle provides robust support for encrypting entire database backups. Encryption is the only defense when it comes to protecting business data when it is transported on tape or disk to offsite storage for safekeeping. Oracle provides two solutions for encrypting database backups.

Oracle RMAN

Oracle RMAN can encrypt an entire database backup using one of these three methods:

Local TDE master encryption key

Passphrase

Hybrid: Passphrase and local TDE master encryption key

Available since Oracle Database 10g Release 2, Oracle Transparent Data Encryption protects credit card data and other sensitive business information within the database. Oracle RMAN can encrypt the entire database backup using the same master key used by Transparent Data Encryption to encrypt columns and tablespaces.

Passphrases are ideal for customers who are not already encrypting data in the database and simply want their database backup encrypted. It is important to use a complex passphrase made up of characters and numbers to prevent a thief from easily breaking the encryption and reading the clear text data.

Example for 'transparent' encryption [and compression] when the local TDE master encryption key is available: